National Industrial Security Program Policy Advisory Committee
Minutes of the Meeting' Wednesday, November 7, 2001 (AS APPROVED AT THE MEETING OF MAY 21, 2002)
The National Industrial Security Program Policy Advisory Committee (NISPPAC) held its eighteenth meeting on November 7, 2001 at 10:00 a.m., at the National Archives Building, 700 Pennsylvania Avenue, Northwest, Washington, D.C. Steven Garfinkel, Director, Information Security Oversight Office (ISOO), chaired the meeting. The meeting was open to the public.
Welcome and Introductions:
Approval of Minutes
Recalling the tragedies of September 11th, the Chair invited the attendees to join him in saying the "Pledge of Allegiance" followed by singing "America the Beautiful." This was also the Chair's last NISPPAC meeting before his retirement. He expressed his appreciation to all the NISPPAC members for their dedication to the National Industrial Security Program. After welcoming those in attendance and the self-introductions, the Chair began the meeting by submitting the minutes of the April 5, 2001 meeting to the Committee for approval. They were approved with no changes.
Recognition of Outgoing Industry Members and Introduction of Incoming Industry Members
The Chair welcomed incoming industry members Dianne Raynor, MCA Engineers, Inc., and James P. Linn, SAIC. The Chair extended his deep appreciation on behalf of the NISPPAC to outgoing members Raymond Kang and Susan Mitchell for their four years of distinctive service to the NISPPAC. The Chair stated that he hoped that they would maintain an ongoing dialogue with the NISPPAC and its members.
Executive Agent's Update
Rosalind Baybutt, Deputy Director for Industrial Security, Office of the Assistant Secretary Of Defense (C3I), Office of the Secretary of Defense, reported on the status of J. William Leonard; the Industrial Security Mission Area Assessment; E-Commerce and its effect on Joint Personnel Adjudication System (JPAS); United States Express Mail; and the Defense Authorization Act.
A New Deputy Assistant Secretary of Defense
Ms. Baybutt reported to the Committee that J. William Leonard, Deputy Assistant Secretary of Security Information Operations (S&IO), may be leaving his post, and possibly be replaced by Carol Haave. Ms. Haave has served as a Facility Security Officer and President of a contracting facility for the Department of the Defense (DoD). She has also worked with the Defense Advanced Research Project Agency and the Defense Science Board.
Industrial Security Mission Area Assessment
Ms. Baybutt informed the Committee that Dr. John Shay of the Institute for Defense Analysis (IDA) is conducting a mission area study of DoD's industrial security program. The IDA was authorized to conduct this study due to concerns over DoD's industrial security practices and policies. Ms. Baybutt indicated that Mr. Leonard hopes that the assessment will provide a full view of DoD's industrial security program.
2001 Cost Collection Data and Use of Electronic Systems
Ms. Baybutt reminded the Committee members that their annual cost data submissions are due. Concerning the use of electronic systems, Ms. Baybutt acknowledged that the DoD is pushing very hard for all of its components to use electronic systems as much as possible. She stated that the next Industrial Security Letter (ISL) will be the last one that is printed and future ISL's can only be obtained electronically.
Restricted Mail from the United Kingdom and United States Express Mail
Ms. Baybutt alerted the Committee about concerns over the hold-up of Chapter 10 of the NISPOM and the handling of restricted mail from the United Kingdom (U.K.). Representatives from the U.K. are scheduled to visit the United States to discuss the matter. The Department of Energy (DOE) has expressed a concern that U.S. Express Mail is not a secure method of transmitting classified information. DOE reported one major case involving the loss of classified information. According to Mrs. Baybutt, no other entity or agency registered a concern about the use of U.S. Express Mail.
Update on the Defense Authorization Act
Ms. Baybutt provided a comprehensive explanation of the Defense Authorization Act. The General Services Administration has published guidance on the discontinuance of purchasing the X07 lock. The guidance advises that agencies and other entities may continue to use the current locks but should discontinue purchasing anymore. Ms. Baybutt explained that there did not appear to be any significant monetary increase in the Senate version of the Defense Authorization Act. She noted however, that the House version included an increase of $10 million dollars for the Defense Logistics Agency. The House version did not indicate specific expenditures for the increase; though, it appears that there is a plan to negotiate the installation of the newer version, X08 and X09 locks.
Judith Hughes, Deputy Director of Security Programs, Defense Security Service (DSS), gave an update on the DSS Case Control Management System (CCMS); backlog referrals to the Office of Personnel Management (OPM); fee for service; and the Defense Management Council.
Case Control Management System
Mrs. Hughes stated that DSS has made a great deal of progress in stabilizing the CCMS. The Defense Intelligence Organization (DIO) and General Accounting Office (GAO) conducted favorable reviews, further validating the stabilization of the system. In Fiscal Year 2001, DSS completed over 600,000 investigations, the highest number ever processed in a year. Another positive sign is that DSS output has exceeded its input for investigations. DSS currently has 240,000 cases pending investigation, with a goal of bringing it down to 130,000 - 150,000.
Backlog Referral to OPM and DISCO
DSS redirected all military and civilian investigations to OPM. When OPM's caseload returns to DSS, DSS will strive to maintain the same timeframe of completing work in 90-120 days. However, DSS will probably not reach this standard until summer. Currently, the methodology for processing investigations is "first in, first out." When OPM work returns, DSS will revert to "last in, first out," which will further delay cases already in the system. DISCO continues to issue the majority of interim clearances rather quickly. The only exception is the processing of an "issue-oriented" case.
Fee For Service and Defense Management Council
Fee for service continues to be an issue. It is not clear whether industry will have to pay a "fee for service" charge in FY 2003. The Defense Management Council reached its goal of 98% of its facilities receiving a security review within 12 months, and it intends to maintain this goal in the future.
Subcommittee Working Group Update
Rudolph H. Waddy, Associate Director for Operations, ISOO, briefed the membership on the status of the NISPPAC Subcommittee, which was tasked to recommend to the NISPPAC actions to improve the operations of the National Industrial Security Program (NISP). Mr. Waddy indicated that the Subcommittee used several approaches to accomplish its objective. The approaches included: (1) conducting a four-question survey; (2) soliciting comments at the NCMS Conference; and (3) discussing perceived strengths and weaknesses of the NISPPAC. The results of these approaches indicate that the NISPPAC is effective in fostering open dialogue between Government and industry, keeping lines of communication open, and serving as a clearing-house for information on broad security policies and practices. The results also indicate that the NISPPAC is less effective in encouraging prompt resolution of policy issues, reaching out to non-signatory stakeholders, and encouraging active oversight. Mr. Waddy then presented the Subcommittee's four recommendations to improve the NISPPAC's shortcomings. The first recommendation was to make the NISPPAC a more "issue-oriented" body. Using an issue-based approach to NISPPAC meetings would foster more focused discussions and better use the experience base of the participants. The second recommendation was to use ad-hoc working groups, which would be useful in determining when or if an issue is "ripe" for consideration. Ad-hoc working groups would also be useful in determining when an unscheduled meeting is necessary and when a NISPPAC meeting should be open or closed. The third recommendation was that the NISPPAC develop a marketing campaign through brochures, CD-ROM presentations, and a NISPPAC website. The last recommendation was that ISOO increase its oversight to ensure compliance with the NISP. Mr. Waddy indicated that ISOO's increased visibility would serve as a mechanism to verify issues and ensure program continuity. Mr. Waddy concluded by stating that the Subcommittee was open to more suggestions for fortifying and improving the NISP. He also noted that a final report would be forthcoming.
Impact of Proposed Legislation Regarding High Security Locks
Gregory A. Gwash, Director, Security and Fire Protection, The Boeing Company, briefed the membership on the possible impact of Senator Bunning's (R-KY) proposed legislation. Mr. Gwash explained that the proposed legislation would: (1) move up the replacement of current containers with Class 6 containers seven years sooner than the current timeframe; (2) render unusable all existing mechanical lock containers, previously grandfathered by DoD; thereby requiring their retrofit or replacement; and (3) make obsolete all X-07 electronic locks. Mr. Gwash cited a recent survey of U.S. cleared facilities that estimated industry's cost to implement the proposed legislation. Two percent of those surveyed noted costs of $106.6 million. This estimate included the purchase of X08/9 equipped containers along with $7.8 million to retrofit closed area portals. These figures do not address labor costs. The remaining 98% of industry estimated its cost at $125 million. Neither of these estimates included the many hidden costs incurred while a GSA lock is being retrofitted such as temporary storage of material or any other unforeseen expenses. Mr. Gwash commented that this legislation presented an unnecessary cost burden to industry. Further, the availability of locks and containers is questionable, especially now that Mosler Company has gone out of business. Mr. Gwash concluded that the requirements of the proposed legislation are not economically or logistically feasible. The Committee agreed to send a letter of concern to the Executive Agent and the National Security Council about this proposed legislation.
Joint Security Training Consortium (JSTC) Update
Geoff Watson, Director, Joint Security Training Consortium (JSTC), briefed the membership on the status of the JSTC. The JSTC was chartered and jointly funded by the Intelligence Community (IC)/Department of Defense (DoD) at $22 million which allocated $2 million for FY 2002 and $4 million for FY's 2003-2007. The JSTC is attempting to respond to three key issues: (1) core security training requirements; (2) current training programs' effectiveness; and (3) security as a profession. Mr. Watson stated that the JSTC's purpose is to strengthen skills and career development in the IC and DoD. The JSTC defined four mission areas to achieve its purpose: (1) developing and implementing policy for core security training and professional development; (2) providing security certification programs; (3) integrating security education and training into a reciprocal program and enabling cross-disciplinary certification; and (4) ensuring core security training is reciprocated and evaluated for gaps in training. The JSTC established an executive staff located in Crystal City, Virginia and can be reached on (703) 602-2233. For FY 2002, Mr. Watson said that the JSTC plans to: document core disciplines/functions; begin JSTC evaluation process; catalogue existing training; initiate policy development; conduct a community-wide survey; conduct two prototype seminars; establish initial electronic web site; and prepare a technical plan.
Proposal for a Modern Personnel Security Investigation Program In Support of the NISP
Maynard Anderson, President, Arcadia Group Worldwide, Inc., presented some industry members' views on modernizing the personnel security investigations program. In his remarks, Mr. Anderson stated three main reasons for modernizing the personnel security investigations program. They are: (1) increasing costs that industry and Government encounter in time, money, talent, and capabilities; (2) redundancy that exists because industry does its own inquiries prior to the applicants submission of the request for clearance; and (3) waste because 99% of the applicants receive a clearance after the investigation is completed. Mr. Anderson indicated that by failing to take action, both Government and industry contribute to the delay in providing national defense capabilities. He advocates developing a system that recognizes the changing landscape and geopolitical situation. He advocates formulating a clearance system that, in his words, is "realistic" in scope and process. From his perspective, it is better to deal with the motivations and vulnerabilities of an applicant rather than the ever changing and often unidentifiable threats that might exist. Essentially, as indicated in his proposal, he favors a personnel security investigations program that does a better job of managing the risk and ensuring that we know our cleared population.
Following presentations by selected agency representatives, the Chair opened the floor for further discussion. During the open forum, NISPPAC representative, Patricia B. Tomaselli, Director of Electronics System Security, Northrop Grumman Corporation, indicated that industry would like the NISPPAC to focus on several topics. Ms. Tomaselli explained that the topics evolved as a result of recommendations presented by the NISPPAC Subcommittee on ways to fortify and improve the NISP. The topics included: (1) meaningful clearance reform; (2) reciprocity issues between various agencies; (3) fee-for-service; (4) sensitive, but unclassified data protection implementation; and (5) Chapter 8, Automated Information Systems (AIS). Ms. Tomaselli indicated that she hopes that these topics can be discussed in further detail this coming year.
Chairman and Members The members expressed thanks and appreciation to the Chair for his leadership in light of his upcoming retirement. The Chair thanked the membership for these sentiments and indicated his appreciation for all their efforts on the NISPPAC. He also indicated that the Director's position of ISOO remains open if any members wish to apply. The meeting was adjourned.